The biggest headache for network O & M personnel is the use of BT. The negative effects are well known: the use of btsoftware by a few users will occupy a large amount of bandwidth, which affects the use of most normal network users in the LAN. Even if someone opens BT in the LAN, no one else can even browse a normal webpage. That is, BT occupies too many network resources, resulting in insufficient network resources.
At present, many enterprises use BT, e-ass, and other software to download work-related documents, regardless of their time range, due to the use of these software, the data traffic increases greatly, which greatly occupies the Internet egress bandwidth of the LAN, thus affecting the normal work of all staff.
At the same time, downloading with BT is often prone to virus risks. According to statistics from the National Information Security Department, about 60% of the viruses are transmitted through BT downloading, which increases the security risks of Enterprise LAN; at the same time, the use of BT to download a large number of movies, music and other files has not been approved by the copyright department, which will undoubtedly bring certain legal risks to the enterprise and lay a hidden danger for the enterprise image.
Currently, blocking BT downloading applications in a LAN is generally as follows:
1. Use the Broadband Router Device of an enterprise to set the speed limit for user upload and download. IXPUB users once introduced: "The Ai-Thai router used in our internet cafe has a speed limit for uploading and downloading. I have limited the upload speed to 256 kb and downloaded 1 MB. Now it's okay, bt does not affect." Block BT download using Blocked ports
2. shield the network port. If the network administrator is familiar with the port used by the btsoftware, he can use the firewall and other devices to shield the port for downloading and communication. I believe that the BT downloading by the internal staff will be disabled accordingly, this solves the serious problem of BT abuse.
3. Use ISA to block BT downloads. Because ISA blocks downloads based on their features, it can use the most professional blocking software to block downloads of BT from multiple perspectives, in this way, the download function completely loses its role.
Microsoft Internet Secu-rity and Acceleration Server, currently the most professional ISA blocking software, is referred to as ISA. If you want to restrict downloading seed files, you can add an HTTP rule and add the seed extension to the "blocked extension. Of course, you only need to browse the BT download resources published on the Web page to easily crack this method. Here, you need to add another rule to prohibit users from accessing the BT download website, so that they can block users who want to publish BT downloads on the webpage.
However, if enterprise users do not rely on the seeds and BT download resources released on the Web page to download files, the above two restrictions will surely lose their essential role, therefore, you need to filter the protocol based on the characteristics of the data packet to completely restrict the download operations on BT. Here, you need to set an access policy and filter the signature of the HTTP protocol. For example, you can also use the BT download as an example to search for the packet request and enter the packet request used by BT in the specified blocked signature, in this way, when the data packet contains the data request you want to block, it will be automatically discarded by ISA, resulting in the failure to download BT from its employees.
4. Use professional security devices for management. The H3C UTM unified Threat Management device released by Yihua 3 can meet users' needs. H3C SecPath series UTM devices can identify traffic based on application layer features, it also helps users control illegal traffic in the network, such as BT and other BT downloads. In addition, this product can also restrict online games, IM instant messaging, stock trading and other software. In addition, if the customer needs it, it can also provide a user online behavior audit function to fully record users' online behavior, provides a complete basis for post-event forensics.
- Block P2P applications in the LAN to consolidate Intranet Security
- Fast and Furious wireless network BT download tips
- Configure a LAN to easily restrict BT downloads
- Clever setting of wireless routes improves the download speed of wireless network BT